From: Scott Courtney (courtney4th.com)
Date: Wed Apr 24 2002 - 08:58:38 CDT


    On Wednesday 24 April 2002 05:28 am, Thomas Futschek wrote:
    > Recently I saw if you boot a kernel with a boot option like
    > 'init=/bin/bash' (for example: linux init=/bin/bash) you become root without
    > authentication.
    >
    > Can anybody tell me why it works and how I protect?

    Others have quite adequately explained the LILO aspects of this, but I would
    add one comment:

    Physical security is an important aspect of any system, and you need to protect
    access to the physical console. Even a BIOS password can be circumvented, by
    using the jumper on (many) motherboards that allows the BIOS to be totally
    flushed and reset through temporarily removing its battery power.

    If your system is important, the physical console needs to be under lock and
    key. That's true of all systems, not just Linux.

    Scott

    -- 
    -----------------------+------------------------------------------------------
    Scott Courtney         | "I don't mind Microsoft making money. I mind them
    courtney4th.com       | having a bad operating system."    -- Linus Torvalds
    http://www.4th.com/    | ("The Rebel Code," NY Times, 21 February 1999)
    
